A snapshot of Doplik: Unwanted Software using serialized JavaScript bytecode as an anti-analysis technique

Doplik is Unwanted Software that uses V8 snapshots with serialized JavaScript bytecode as an anti-analysis technique. We will share some of the reverse engineering challenges we faced.

Doplik is Unwanted Software based on NW.js, which is an open-source way of writing native desktop applications using web technologies. What makes Doplik especially interesting is that, instead of shipping plaintext JavaScript, it ships binary V8 snapshots that contain a serialized bytecode representation of Doplik’s source code, preventing static analysis without specialized tooling.

In this talk, we will share a deep dive on some of the reverse engineering challenges we faced and how we were able to overcome them and release an open-source Ghidra plugin to disassemble V8 snapshots.